06 Jan 2011

Written by Damien

Damien is one of the most widely quoted money and investment experts in the national press and has made numerous radio & TV appearances. He created MoneytotheMasses.com while working in the City when he became disillusioned with the way the public were left to fend for themselves because they could not afford financial advice.


The computer virus trying to steal your bank details – screenshots, advice and real examples

As further proof that I actually live what I write about, yesterday I very nearly became the victim of a pharming scam that attempted to steal my banking details.

What is pharming?

Pharming is a hacker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software (source: Wikipedia).
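For the hosts-file route in that definition, here is a small checker, added as an illustration and not part of the original article, that reads hosts-file text and flags any entry that pins a watched banking hostname to an address. The watch list is an assumption: `egg.com` is named in this article and `onlinebank.example` is a placeholder for your own bank's hostname. It covers only the hosts-file route, not a compromised DNS server.

```python
import ipaddress

# Hostnames to watch. "egg.com" is named in the article;
# "onlinebank.example" is a placeholder for your own bank's hostname.
WATCHED = {"egg.com", "onlinebank.example"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address, skip
        for name in fields[1:]:                  # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name, watched=WATCHED):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, ip, severity) for each watched name found.

    A hosts entry overrides DNS, so any entry for a banking site is suspect."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name, watched):
            local = ip.is_loopback or ip.is_unspecified
            severity = "blocked-locally" if local else "redirected"
            findings.append((line_no, name, str(ip), severity))
    return findings

# Constructed sample hosts file (203.0.113.0/24 is a documentation range).
SAMPLE = """\
127.0.0.1   localhost
# 203.0.113.9 egg.com   (commented out, ignored)
203.0.113.7 www.egg.com  new.egg.com
203.0.113.7 Secure.OnlineBank.example.
0.0.0.0     ads.tracker.example
203.0.113.8 notegg.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

To check a real machine, pass the contents of `C:\Windows\System32\drivers\etc\hosts` on Windows, or `/etc/hosts` on Linux and macOS, to `audit_hosts`.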

How did it happen?

As normal I attempted to access the Lloyds TSB online banking site via my office PC. I entered the usual web address and was greeted by the 'usual' web site. Nothing seemed to be amiss. I then clicked the relevant on-screen button to log into my account.

As a bit of background for those who don't bank with Lloyds TSB - when you log on to the site there is a two stage process. One screen asks for a username and password before a second one asks for specific letters from a 'memorable word' which you have predetermined. This is a fairly standard procedure industry wide.

As I said, nothing seemed untoward initially, but then alarm bells started ringing in my head when I was prompted to enter my full password on the second log in page. This had never happened before and as a rule of thumb your bank will never ask for your full password, but rather specific characters within it, i.e. the 2nd, 4th and last character.

So I reloaded the Lloyds site only to be greeted with the same anomaly. Was this a new update from Lloyds TSB? So I tried to log on via a colleague’s PC and was greeted with the normal log in screens. Clearly I had a virus/trojan on my PC which was incredibly sophisticated and was trying to 'watch' (the technical word is pharm) as I typed in my passwords. It was doing this by attacking the browser address bar, and redirecting me to a fraudulent website when I typed a legitimate address.

Below I’ve provided screen prints of what I actually experienced and highlighted the 'giveaways' that something was amiss.

How I saw through the Lloyds pharming scam

There can be tell-tale signs that something isn't right. Below I've shown the two log in screens. In each case the false (pharming) web page is given first and the true web page is given second. In order to aid you in spotting the key giveaways I’ve highlighted them with red arrows. The correct version is in blue.

First log in screen

Second log in screen

You can see that the hackers had replicated the Lloyds TSB web page while removing any warnings and alerts about the fact that they never ask for your full username (but with the exception of one warning which they missed on the first log in page). Their intention was effectively to steal my log in details as I logged in while leaving me blissfully unaware. Think of it like someone taking a copy of your front door keys when you are not looking before returning them unnoticed. You'd be blissfully unaware until one day you came home to find you’d been burgled.

The Egg.com pharming scam

Clearly the key pharming software was capable of creating bogus versions of other sites. When I attempted to log on to Egg.com I was greeted with the normal log in screen but with one key difference. As well as the usual name, date of birth, and password fields, two more fields had been snuck in. Namely, 'credit card number' and 'CVV' (which is the 3 digit number on the back of your card). Unfortunately I didn't manage to get a screen shot of the fake page so instead I've indicated with a green arrow below, on the real Egg log in screen, where the fake fields appeared.

The hackers were trying to get my credit card details so that they could then fraudulently use it.

So what should you do?

  • Be vigilant – never give your passwords or bank details to anyone, whether it's on the phone, email or on the internet. If a site you usually use seems 'different' don't use it and contact the company concerned to check if something is wrong. Both Lloyds TSB and Egg confirmed my suspicions.
  • Keep your anti-virus, spyware and firewall software updated - By having the latest software on your PC you should minimise the chances of being a victim of online fraud. Read my guide to the best internet security software that won’t dent your wallet to help you choose which solution may be best for you.
  • Don't use public PCs and be wary of using your work PC to manage your finances – you have no control over the security of these computers. That was my mistake.
  • Let your friends and colleagues know about the above scams - You could save them a lot of pain, time and money.

Finally, if you think you've been a victim of pharming then take action. Change all your passwords, cancel your cards and update your software so that the virus can be eradicated.

Image: Salvatore Vuono / FreeDigitalPhotos.net


Comments

  1. Anonymous January 7, 2011 at 10:11 am

    brilliant advice .. thanks for copying in the pages so that we can see the differences between the fake and the legitimate page, as they are very similar in appearance.